August 27, 2019

everyone seems to like posting their wins, which is great (seriously), but it isn’t often that people post about their losses. the last 24 hours have been one of the most humbling experiences in my professional career.

for the last year i’ve been working on pivoting my career path towards infosec. not a major deal, but at my age (for most of you i’m old enough to be your parent) it is a bit risky. for that reason i figured that getting the OSCP cert would be a great foundation. on top of that, i love that shit, always have.

just because i love it doesn’t mean i know what i’m doing though. about three months ago i decided to get busy and start working on the OSCP so i signed up for the PWK course and got busy. while i’ve been in IT my entire career, and i feel that i’m pretty savvy with regards to security stuff, i had not looked at an exploit in 20+ years so i was basically starting from scratch. i spent two months working through the PWK lab environment learning A TON. seriously, the folks at @offsectraining have put together a fantastic offering. access to their lab environment is worth the cost alone.

so anyways, i spent multiple hours a day (sometimes 5-6 hours) learning everything i could. by the end of it i had probably 50%-75% of the non-public networks and then maybe 2/3rds of the public servers rooted and had come up with what i thought was a pretty nice process. at this point i decided i’d set a date for the OSCP exam and see if i could knock this thing out.

yesterday at 3am local time i connected to the exam VPN and started checking out the boxes. within an hour i could tell that i was in for something i was likely not prepared for. this is not to say that the lab doesn’t prepare you for the exam, but the exam is like… the lab environment x10. i started to wonder what the hell i had gotten myself into but kept on pushing.

i can’t remember exact times, but probably within the first 5 hours i had low level shells on two of the boxes. i have no idea how long it took me to get root/system on those, but i can tell you that one of them i didn’t get until i had about 4 hours remaining for my exam. the best part was that i got totally lucky with some google-fu.

during that window i would reset and work on some of the other boxes when i got frustrated with the first two. i easily spent 6+ hours on one without ever getting a low level shell. i had no idea what to do or what i was looking for. it was as if i’d never done this before and it was at that point that i realized that this was not going to be successful. i kept at it, but by the end of the exam i had only rooted two boxes and had zero access on any of the others (40 points of the required 70 to pass).

i’m sure i got stuck going down rabbit holes, which is even more frustrating to think back and realize that, after 6+ hours, it is totally possible that i wasn’t even close to the right path. at 2am (23 hours later) i called it and went to bed for some much needed sleep. that walk to the bedroom was filled with anger, frustration and hopelessness. i came away wondering “what am i doing? i suck at this and should quit”. but you know what, fuck that shit. like the @offsectraining folks say, “try harder!” which is exactly what this cert is all about. getting your ass kicked, learning a ton and then coming back to rock that shit later.

UPDATE: i did end up passing on my 2nd try :)